CVE-2019-5307
Description
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
Risk Information
Base Score
4.2
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.03
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities affected in p30_firmware 9.1.0.226(c00e220r2p1) | NCM |
| Multiple Vulnerabilities affected in p30_firmware 9.1.0.193 | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.160(c01e160r2p11) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.160(c00e160r3p8) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.160(c00e160r2p11) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.135(c00e135r2p11) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.128(c635e3r2p4) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.126(c636e7r3p4) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.126(c605e19r1p3) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.126(c461e7r3p1) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.126(c185e4r7p1) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.126(c10e7r5p1) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.123(c432e22r2p5) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.1.0.123(c431e22r2p5) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.0.0.185(c00e85r1p11) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.0.0.173(c00e73r1p11) | NCM |
| Vulnerabilities CVE-2019-5231 ,CVE-2019-5287 ,CVE-2019-5288 ,CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 10.0.0.166(c00e66r1p11) | NCM |
| Vulnerabilities CVE-2019-5307 ,CVE-2021-22331 are affected in p30_firmware 9.1.0.193(c00e190r2p1) | NCM |
| Authentication Bypass by Capture-replay Vulnerability (CVE-2019-5307) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234